Commit graph

38 commits

Author SHA1 Message Date
Jeff Mitchell 75eb0f862e
Revert some of commit 050ab805a7565c5b0cadb0176023031ee5f0d17b. (#4768)
If we have a panic defer functions are run but unlocks aren't. Since we
can't really trust plugins and storage, this backs out the changes for
those parts of the request path.
2018-06-14 13:44:13 -04:00
Jeff Mitchell 0c2d2226c4
Remove a lot of deferred functions in the request path. (#4733)
* Remove a lot of deferred functions in the request path.

There is an interesting benchmark at https://www.reddit.com/r/golang/comments/3h21nk/simple_micro_benchmark_to_measure_the_overhead_of/

It shows that defer actually adds quite a lot of overhead -- maybe 100ns
per call but we defer a *lot* of functions in the request path. So this
removes some of the ones in request handling, ha, barrier, router, and
physical cache.

One meta-note: nearly every metrics function is in a defer which means
every metrics call we add could add a non-trivial amount of time, e.g.
for every 10 extra metrics statements we add 1ms to a request. I don't
know how to solve this right now without doing what I did in some of
these cases and putting that call into a simple function call that then
goes before each return.

* Simplify barrier defer cleanup
2018-06-14 09:49:10 -04:00
Becca Petrin abb621752f Clean up error string formatting (#4304) 2018-04-09 14:35:21 -04:00
Vishal Nayak 28e3eb9e2c
Errwrap everywhere (#4252)
* package api

* package builtin/credential

* package builtin/logical

* package command

* package helper

* package http and logical

* package physical

* package shamir

* package vault

* package vault

* address feedback

* more fixes
2018-04-05 11:49:21 -04:00
Jeff Mitchell 123e22cd7e Fix compile 2018-01-19 05:31:55 -05:00
Brian Kassouf 2f19de0305 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Jeff Mitchell 548629e8ef Port over some changes 2017-11-30 09:43:07 -05:00
Jeff Mitchell c144f95be0 Sync over 2017-10-23 16:43:07 -04:00
Jeff Mitchell f37b6492d1 More rep porting (#2391)
* More rep porting

* Add a bit more porting
2017-02-16 23:09:39 -05:00
Jeff Mitchell 69eb5066dd Multi value test seal (#2281) 2017-01-17 15:43:10 -05:00
vishalnayak ad7cb2c8f1 Added JSON Decode and Encode helpers.
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell 8d19b4fb53 Add keyring zeroize function and add some more memzero calls in
appropriate places. Known to be best-effort, but may help in some cases.

Fixes #1446
2016-05-27 20:47:40 +00:00
Sean Chittenden 7a4b31ce51
Speling police 2016-05-15 09:58:36 -07:00
Jeff Mitchell c5ddfbc391 Bump AESGCM version; include path in the GCM tags. 2015-09-19 17:04:37 -04:00
Armon Dadgar ef770e371a vault: guard against potentially missing keyring 2015-07-13 18:18:22 +10:00
Armon Dadgar 7ecd8f05d1 nomad: fixing issue with keyring upgrade 2015-07-07 16:02:49 -06:00
Armon Dadgar f6729b29f8 vault: adding ability to reload master key 2015-05-29 14:29:55 -07:00
Armon Dadgar 67ed0a3c16 vault: moving upgrade path into barrier 2015-05-28 16:42:32 -07:00
Armon Dadgar 796ae59a89 vault: support keyring reload 2015-05-28 16:09:15 -07:00
Armon Dadgar 2e86fa62d5 vault: adding barrier AddKey 2015-05-28 15:52:26 -07:00
Armon Dadgar 4e3f0cddcf vault: Adding VerifyMaster to Barrier 2015-05-28 11:28:33 -07:00
Armon Dadgar 26cff2f42f vault: expose information about keys 2015-05-27 17:25:36 -07:00
Armon Dadgar b93feb8a6b vault: first pass at rekey 2015-05-27 17:13:40 -07:00
Armon Dadgar ead96e8c99 vault: first pass at key rotation 2015-05-27 17:05:02 -07:00
Armon Dadgar 3d800fe7be vault: keyring api changes 2015-05-27 17:04:46 -07:00
Armon Dadgar 28560a612f vault: test for backwards compatability 2015-05-27 16:42:42 -07:00
Armon Dadgar e8e9103300 vault: share keyring persistence code 2015-05-27 16:29:59 -07:00
Armon Dadgar 0e9136d14c vault: first pass at keyring integration 2015-05-27 16:01:25 -07:00
Armon Dadgar 70b3b37ffb vault: rename key epoch to term for clarity 2015-05-27 14:37:39 -07:00
Armon Dadgar a03268bc32 vault: Adding an epoch prefix to keys to support eventual online key rotation 2015-04-17 16:51:13 -07:00
Aaron Bedra 95c37c1c4d Clarify Barrier encryption defaults.
Declare the defaults in the comments to be what they are now (256 bit
key and default golang NONCE value). Make the key error message more
precise since. It isn't between 16 and 32, it is 16 OR 32.
2015-04-15 18:24:23 -05:00
Armon Dadgar e6fd2f2ce5 vault: Default key size to 256bit. 2015-04-15 13:33:47 -07:00
Armon Dadgar 3ee434a783 vault: Allow AES key to be up to 256 bits. Fixes #7 2015-04-15 13:33:47 -07:00
Armon Dadgar 512b3d7afd vault: Adding metrics profiling 2015-04-08 16:43:17 -07:00
Armon Dadgar 3ed3e23d93 vault: Improve error when unseal key is wrong 2015-03-12 11:27:41 -07:00
Armon Dadgar aa0ca02b8c vault: sanity check key length 2015-03-12 11:20:38 -07:00
Armon Dadgar ea7f4a45e6 vault: Structure the barrier init file 2015-03-05 13:57:45 -08:00
Armon Dadgar e8abe8b0cd vault: First pass at a barrier 2015-03-05 13:27:35 -08:00